Paul Jacobs

Beta: ImunifyAV 4.2.1 released

We are pleased to announce that a new ImunifyAV Beta version 4.2.1 is now available for download from our updates-testing repository.

Paul Jacobs

Beta: Imunify360 4.2.1 released

We are pleased to announce that a new Imunify360 Beta version 4.2.1 is now available for download from our updates-testing repository.

Inessa Atmachian

WAF rulesets released

We are pleased to announce that the updated WAF rulesets, version 2.45, have been released.

Changelog:
- fixed the false positive triggering for the ACF fields WordPress plugin;
- after monitoring and analysis, disabled the rule for GetSimple CMS before 3.3.6 due to a high FP rate;
- optimized the usage of the default_SESSION.pag data file.

Stay in touch

If you encounter any problems with the product or you have feedback and ideas to share, please send a request to our Imunify360 support team via cloudlinux.zendesk.com.
Tags: WAF
Greg Zemskov

New Knowledgebase Article: How to Replicate Imunify360 Config

We have a nice, new, time-saving tip over on the CloudLinux KnowledgeBase.

It tells you how to copy Imunify360 configurations from one server to another.

Read it here.

If there’s anything else you’d like us to write about, please let us know.

Inessa Atmachian

WHMCS plugin version 1.3.5 is here

We are pleased to announce that the updated WHMCS plugin version 1.3.5 is now available. This latest version embodies further improvements of the product as well as new features. If you encounter any problems with the product or have any questions, comments, or suggestions, please contact our support team at cloudlinux.zendesk.com (the Imunify360 department). We’d be more than happy to help.

Changelog:
- DEF-8495: added the additional check for models.
- Hide CloudLinux section in the client area if there are no CloudLinux licenses.

To upgrade the WHMCS plugin, please do the following: Download CloudLinux Licenses for WHMCS: http://repo.cloudlinux.com/plugins/whmcs-cl-plugin-latest.zip. U...
Inessa Atmachian

Imunify360 4.1.0-9 released

We are pleased to announce that the new Imunify360 version 4.1.0-9 is now scheduled for gradual roll-out from our production repository and will be available for all customers in about two weeks or less. If you'd like to get the updated Imunify360 version 4.1.0-9 now, please send the list of server IPs to our support team. That way you'll be added to the list and get those updates instantly.

Improvements

Automatic Scheduled/Background Malware Scanning

Many of our users have been waiting for automatic, scheduled, background scanning of user accounts. It’s now here. You decide the interval, day and time of scanning. We will be adding scan result notifications in l...
Alex Yevelev

Imunify360 and Mắt Bão: Cybersecurity and the Eye of the Storm

Mắt Bão is a leading Vietnamese IT services and hosting provider, and, we’re proud to say, a new Imunify360 customer.

The company name means ‘eye of the storm’. Founder and chairman of the board Le Hai Binh chose the name, inspired by a Vanessa-Mae concert.

Since 2003, Mắt Bão has been providing hosting and technical services to hundreds of thousands of customers, with services covering rack and cloud hosting, local and international domain name registration, email services, website design, everything a digital venture needs to make a mark in a competitive online world.

Now, with over 300 employees, Mắt Bão wants to do more for businesses. They want to help start-ups and incubator companies get off the ground, to mature and prosper; they want to help established enterprises improve their digital performance and ROI. To do this, Mắt Bão offers many free resources to the community, such as ebooks and workshops on how to be successful in online environments. Places for their monthly workshops are limited and quickly filled, due, in part, to being hosted by popular and well-known industry speakers.

Although CloudLinux and Mắt Bão have different languages and different cultures, we still have a lot in common. Like us, Mắt Bão rises above their competitors with a focus on excellent customer care, 24x7x365 world-class support, and water-tight SLAs.

Paul Jacobs

Imunify360 Live Webinar – April 23 – “We Know How You Were Hacked”

Detecting a website infection isn't enough. To stop it happening again, you need to know how it got there. 50 to 70 percent of shared hosting websites have infections. Finding and removing malware and viruses is easy. But they'll come back unless you know how they got there and where they came from. Imunify360 knows, and we're holding a webinar to explain everything. Join on Tuesday, April 23, 2019, at 10 AM (PST) / 1 PM (EST). In the webinar, CloudLinux CEO Igor Seletskiy reprises this year's successful CloudFest presentation. Jamie Charleston, Senior Sales Engineer, will follow up with a live demo of Imunify360. A question and answer session will wrap up the webinar. Regi...
Naveen Velusamy

File System Friend or Foe? - How to Tell if a File is Good or Bad

An unlucky upshot of running your own website or online store is that, sooner or later, hackers will add it to their ‘juicy list of prey’. Once in their list, hackers will continuously scan and probe your site for weaknesses, trying to find a way to further their illicit goals.

As a hoster, you’ll have to sift through many thousands of web server files, checking whether any malicious code got in during a suspected breach. This can get tricky, as legitimate software can seem malicious when it’s not, and deleting files by mistake can break your website.

In this article, I’ll describe techniques to help you identify the difference between good files and bad files, that is, between clean ones and infected ones.

Greg Zemskov

What to do if your website is blacklisted

A hacker might not cause any noticeable damage when infiltrating your web server. You may not notice any change in performance or any loss of data. But that doesn't mean everything is okay. A popular use of a compromised server is to distribute malware. Malware is malicious software. It gets embedded into your website's pages and can infect any visitors to those sites. Hackers do this by injecting malicious code into a database or into web page templates. Visitors get redirected to malicious sites, or inadvertently download trojans. If an online antivirus tool detects a site hosting malware, it will blacklist the site by adding it to its database of malicious websites. Users of the same a...
Greg Zemskov

Web Hosting Made Secure with Plesk and ImunifyAV

Good news is always worth repeating: Plesk integrates ImunifyAV into its famous WebOps hosting control panel. It's not even been a year yet but we're already seeing the benefits of integrating Revisium's advanced antivirus and anti-malware scanner into ImunifyAV. One of these good signs is the decision by Plesk to integrate our free scanner directly into their core product. I know Plesk's customers are going to love how ImunifyAV makes their web sites safer. It's quick, it's easy, and best of all, it's free. Keeping web servers safe shouldn't be a headache or an afterthought. ImunifyAV is the cure for both problems. ImunifyAV automatically scans your websites for malicious files. If it find...
Greg Zemskov

Nicely integrated: cPanel and ImunifyAV

The good news just keeps coming: cPanel & WHM integrates ImunifyAV into its hosting automation platform.

cPanel is integrating ImunifyAV, our advanced antivirus and anti-malware scanner, into its famous web hosting control panel.

ImunifyAV automatically scans your web site for malicious files and it does it for free. It can detect all kinds of malicious files, such as backdoors, web-shells, viruses, hacker’s tools, black hat SEO scripts, phishing pages, and others. If any are found, ImunifyAV will report back telling you how to remove them manually.

I appreciate that not everyone has the time or knowledge to do this, so there’s a built-in upgrade option to ImunifyAV+ which lets you perform an automated one-click clean up. It’s quick, it’s thorough, and it removes the stress and worry usually associated with managing your cybersecurity defenses.

For those web hosters that need a comprehensive, all-in-one security solution, there’s a further upgrade option available in the form of Imunify360. More and more web hosters and Linux server managers around the globe are choosing Imunify360 for its ability to protect web servers and websites effectively and simply. Its multi-layered security architecture incorporates a firewall, WAF, IDS and IPS, and advanced machine learning for dynamic rule and signature creation. There’s also our unique herd immunity, the name we give to how Imunify360 instances share threat intelligence information among one another, forming a web of cyber threat knowledge greater than the sum of its parts. All in all, it makes Imunify360 the complete, perfectly integrated web security package.

Greg Zemskov

Imunify360 4.0 Stable Release – It's here

A month in development passes so quickly.

We announced in February that we have a new version of Imunify360 coming with some great new features. It’s ready, it’s out of beta and into general availability. Here’s a quick reminder of the new stuff. More details are in the Imunify360 4.0 preview post.

Feature Management (cPanel only for now)—Our cPanel users will see a new and better way to manage the features they offer their users. Feature Management is the new way to manage features, fully integrated into cPanel. It’ll give a lot of flexibility in adjusting the features available on hosting service plans and packages.

Dashboard/Charts—Now you’ll be able to see how well Imunify360 has been defending your systems, where attacks are coming from and how many. There are these new alerts, with more coming soon: total number of alerts, number of CAPTCHA events, number of WAF alerts, number of web-based brute-force attacks, number of OSSEC (network level) attacks, number of denied requests from bad bots.

Proactive Defense extension: The Blamer—The Blamer is a new extension to Proactive Defense. It gathers intelligence on attack profiles and uses this information to prevent future attacks.

Oleg Boytsev

[Threat Intelligence Report] Remote Code Execution in Drupal 8 (CVE-2019-6340)

The Imunify360 Threat Intelligence Group are monitoring a remote code execution vulnerability targeting installations of the Drupal CMS. This vulnerability has the identifier CVE-2019-6340. It affects these versions of Drupal:

- All 8.5.x versions, up to and including 8.5.11
- All 8.6.x versions, up to and including 8.6.10

Attack Method

Remote code execution vulnerabilities allow attackers to execute arbitrary code on a platform, in this case, the Drupal CMS. The code can install other software, gather data for exporting, or permanently delete or modify data without the site owner's knowledge or consent. Attackers deliver malicious PHP payloads using automated scripts. It is this payload we hav...
Oleg Boytsev

New Feature: Imunify360 blocks server ports under attack

We are happy to announce a new feature for Imunify360. Active Response is an OSSEC feature re-engineered by us to block specific server ports under attack. This gives us significantly fewer false positives, and improves the detection and blocking of aggressive brute force requests. It's only available for Imunify360 version 4.0, currently in beta and due for release before the end of March 2019.

To activate Active Response, follow these steps.

1. Edit the configuration file: /etc/sysconfig/imunify360/imunify360.config
2. Add these lines to it:

    OSSEC:
        active_response: true

3. Restart the Imunify360 agent: service imunify360 restart

That's it. Now,...
Greg Zemskov

Imunify360 V4.0—New Features Preview

I have good news—there are features coming in Imunify360 4.0 that will make your life easier, your servers safer, and your businesses more profitable.

1. Feature Management

Our cPanel users will see a new and better way to manage the features they offer their users. Feature Management is our new way to (can you guess?) … manage features. It's fully integrated into cPanel and it's going to make dealing with multiple service plans and packages a breeze. Before, you could only change features user by user. Now, you can assign any feature changes to entire service plans. (You might even get a welcome windfall from this extra flexibility.) For the time being, the features you'll be able ...
Greg Zemskov

Attention Imunify360 v3.9.3 Beta Testers–We Need Your Help

Thank you, beta testers! We value your dedication to making our product better. Your real-world input helps Imunify360 become the most effective and efficient Linux server security product out there. So here's the deal—we need you to activate Proactive Defense. Proactive Defense is one of the core pillars of Imunify360, able to trace PHP opcodes at runtime, and to detect and block malicious invocations before they can even execute. We've made some improvements to Proactive Defense:

- We've refactored the detection algorithm. It's now much faster at tracing PHP code.
- Proactive Defense examines 50% more URLs and files when scanning, improving detection rates.
- Proactive Defense works just as it should wit...
Greg Zemskov

WebShield introduction for server administrators

General

WebShield is a component of the Imunify360 security solution. Its primary purpose is to handle HTTP traffic and prevent HTTP attacks. As a security solution, WebShield is meant to:

- Block blacklisted traffic
- Redirect graylisted traffic to CAPTCHA until the CAPTCHA is passed
- Act as a proxy service, redirecting remaining traffic to backends

It consists of four services:

- WebShield itself
- Shared memory daemon
- SSL-caching daemon
- Sentrylogs daemon

Shared memory is the component of WebShield that makes it easier to deal with certain aspects of Nginx configuration without reloading. It does this by modifying its shared memory. SSL-caching daemon watches changes to host SSL certificate sets ...
Andrey Kucherov

A post-hack survival guide: cleaning your website after being hacked

Introduction

Very often, web hosting administrators start to take security measures only after a website has been hacked. So, let us imagine the situation when ImunifyAV has been installed on such an infected server. All malware has been cleaned in one click, and all malicious activity has been stopped. Are we good to go? Are there any safety steps required? Actually, the answer is, "Yes, there are still some steps that can be taken after cleanup".

Make sure you use all the product's benefits

Imunify360 consists of multiple modules, including a WAF, malware detection, Proactive Defense, IDS / IPS, and others. I recommend you check out the documentation for each part of the product to g...
Andrey Kucherov

When Linux antivirus lets you down: How to remove malware from a website manually

By Andrey Kucherov, Malware Analyst at Imunify360

The detection rates of anti-malware and antivirus scanners vary considerably. Knowing how to manually scan for and remove malware is an important and useful skill with which to confirm a scanner's effectiveness or compensate for its failings. In this article, Andrey Kucherov, Malware Analyst at Imunify360, describes some essential manual website malware detection and cleanup techniques.

Introduction

The reality of modern security creates new challenges for web hosts every day. It is well known that there is no absolute protection that guarantees a 0% chance of your website being hacked. Even major players in online markets suffer fro...